An Abstract Machine for Strong Call by Value 3 of Contexts, and It Subsumes As a Substrategy the Weak Right-To-Left Strategy of Accattoli Et Al.’S ﬁreball Calculus

arXiv:2009.06984v1 [cs.PL] 15 Sep 2020 einadsuyo togrdcinsrtge,ado hi cor their [ of machine and a p strategies, assista on efforts reduction realizations proof strong verification cient of of complex study use for and the calculus design Ho and lambda need). technology typed by proof call dependently (implementing in Haskell advances or recent value) by wea languages, call to programming functional compared (implementing attention for little foundations provide relatively received that the far in so strategies have normalization culus strong) as known (also Full-reducing Introduction 1 ewe h pcfi euto taeyi h aclsadisprac lambda its of and normalization calculus strong Crégut[ the for to in machine due first strategy The reduction plementations. specific the between ⋆ nAsrc ahn o togCl yValue by Call Strong for Machine Abstract An al ozt Biernacka Ma lgorzata hsrsac sspotdb h ainlSineCnr of Centre Science National the by 2019/33/B/ST6/00289. number supported is research This btatmcie rvd ovnetcmuainmdlta m that model computation convenient a provide machines Abstract aiainb evaluation by malization ydsrmntn ntebsso hi atal normalize conve Keywords: partially term their checking of basis to the machine on the discriminating byproduc of by a application As meth redu a example refocusing. a using generalized an of machine al.’s the terms et of Biernacka in correctness on machine the the Accatt prove of by and mantics strategy studied subsu strong value that the by strategy describe call reduction of variant a implements fireball-calculus machine new correspo This functionally the constructing machine. res call-by-va (3) right-to-left the the and modifying implements plication, (2) it Rohde’s, that and so malizer Filinski to normalization- akin call-by-name a function to KN fro deconstructing correspondence (1) functional by: pure al.’s for et Danvy strategy using call-by-value derived strong) (a.k.a. reducing Abstract. nttt fCmue cec,Uiest fWroc Pol of law, University Science, Computer of Institute 10 .Ti ahn mlmnsnra-re taey[ strategy normal-order implements machine This ]. epeeta btatmcieta mlmnsafull- a implements that machine abstract an present We λ -calculus { mabi,dabi,wch,tdr 1 ais Biernacki Dariusz , · btatmachines Abstract · euto semantics. Reduction oazDrab Tomasz 2 , 7 , 17 ]. } @cs.uni.wroc.pl 1 1 · euto strategies Reduction iodCharatonik Witold , u ucinap- function lue λ Crégut’s KN m dn abstract nding cluu.I is It -calculus. forms. d by-evaluation oad ne grant under Poland, ,w present we t, l ta.We al. et oli lignor- ulting epnigeffi- responding uha OCaml as such dbased od and to section e the mes rtibility t ae on based nts · abacal- lambda strategies k Nor- 1 16 oe the ropel ia im- tical em is terms ,ie,a i.e., ], and , ediates wever, ⋆ 2 M. Biernacka et al. hybrid strategy that iterates call by name (CbN), and necessarily extends reduction to open terms and reduces under lambda abstractions—unlike machines for weak strategies that operate on closed terms and stop at lambdas. Similarly to strong CbN, one can define strong call by value (CbV) as an iteration of weak CbV, carefully generalizing the notion of value to open terms [1]. A normalization function realizing strong CbV was proposed by Grégoire&Leroy and implemented in their virtual machine extending the ZAM machine [17]. Another virtual machine for strong CbV was derived by Ager et al. [6] from Aehlig and Joachimski’s normalization function [4]. Recently, a strong call-by-need strategy has been proposed by Kesner et al. [7], and the corresponding abstract machine has been derived by Biernacka et al. [9]. On the other hand, there is a line of work done by Accattoli et al. who study computational complexity of abstract machines, in particular in the context of a weak CbV strategy that operates on open terms, as an intermediate step towards an efficient machine for strong CbV [2]. Many abstract machines are devised or tailored by hand, and their correctness is far from obvious. Alternatively, Danvy et al. initiated a derivational approach that allows to obtain abstract machines from preexisting semantic artefacts for specific strategies by applying well-defined transformations in a systematic way. Danvy et al.’s functional correspondence [5] is a two-way semantics-preserving derivation method that relates higher-order evaluators and abstract machines. More precisely, following Reynolds’ recipe of applying a CPS translation and defunctionalization to a higher-order evaluator expressed in a functional meta- language, it leads to an implementation, in the same meta-language, of the corresponding abstract machine [22]. However, the two program transformations can be inverted and, as first observed by Danvy [11], starting with an implementation of an abstract machine, one can obtain a higher-order compositional evaluator, in the style of a valuation function of denotational semantics [23], that abstractly and concisely embodies the low-level intricacies of the machine, typi- cally scattered all over the transition rules. Such an evaluator can then be locally modified according to one’s needs and a new abstract machine can be derived from it. This approach has proven extremely successful at numerous occasions and it appears to be considerably more systematic and effective than groping for the right changes directly at the level of the abstract machine. The goal of this work is to derive an abstract machine that can be seen as a strong CbV counterpart of Crégut’s machine for normal order which avoids needless reevaluation of function arguments. Rather than directly tweaking the KN machine we propose to take a systematic approach following Danvy’s recipe and (1) we first deconstruct KN into a compositional evaluator, (2) we then modify this evaluator accordingly to account for CbV, and (3) from the new evaluator we derive a new abstract machine. Our meta-language is a small subset of OCaml [19]. In the process, we identify the reduction semantics of the rrCbV variant of a strong CbV strategy in the pure lambda calculus which we also present. In the terminology of Biernacka et al.’s, this is a hybrid strategy that uses three kinds An Abstract Machine for Strong Call by Value 3 of contexts, and it subsumes as a substrategy the weak right-to-left strategy of Accattoli et al.’s fireball calculus. As an application of the machine we also show how to check convertibility of terms by their partial normalization where we can stop the machine and compare computed prefixes of normal forms. Thus, the contributions of this paper include: 1. a full systematic derivation of the machine from a CbV evaluator, 2. a presentation of an abstract machine for strong CbV that is a counterpart of Crégut’s KN machine, 3. a reduction semantics for a strong CbV strategy, 4. an application of the machine to convertibility checking.

Outline. In Section 2 we recall the KN machine and present the NbE function obtained by its deconstruction. In Section 3 we present the machine derived from the evaluator, and in Section 4 the corresponding reduction semantics. In Section 5 we prove the correctness of the machine with respect to the semantics, and in Section 6 we conclude.

Supplementary materials. The full derivations can be found at

https://bitbucket.org/pl-uwr/scbv-machine

2 Deconstruction of the KN Machine

In this section we highlight the endpoints of the derivation: the KN machine, and the resulting evaluator obtained from an OCaml encoding of the machine. The main steps in the derivation are: disentangling the abstract machine into a defunctionalized form, refunctionalizing the stacks of the machine into continua- tions, mapping the continuation-passing evaluator to direct style, and refunctionalizing the closures the direct-style evaluator operates on into their functional representation [11]. All these transformations are described in detail in the supplementary materials.

2.1 Specification of the KN Machine Crégut’s KN machine is shown in Figure 1. Due to the lack of space we do not discuss its architecture here; we refer the reader to the original paper [10] (which also includes a nice introduction to de Bruijn indices and levels) or to a more modern presentation in [16]. We also discuss all transitions of the machine in our supplementary materials. The presentation here is slightly optimized compared to the original, and it coincides (on closed terms) with later presentation introduced by Munk [20]. The machine is in strong bisimulation with the original one, but the latter threads more redundant information: the parameter m in configurations is exactly the number of lambda frames in the current stack and need not be saved in stack frames. 4 M. Biernacka et al.

Syntax: Terms ∋ T ::= n | T1 T2 | λT

TN ::= T | V (n)

Closures ∋ C ::= [TN ,E] Envs = Closures ∗ ∋ E ::= • | C :: E Frames ∋ F ::= [T,E] | λ | T Stacks = Frames ∗ ∋ S ::= • | F :: S

Confs ∋ K ::= hTN ,E,S,mi| hS,T,mi

Initial state (for closed terms):

IKN : T 7→ hT, •, •, 0i Transition rules:

hT1 T2,E,S1,mi→hT1, E, [T2,E] :: S1,mi (1) ′ ′ ′ ′ hλT,E, [T ,E ] :: S1,mi→hT, [T ,E ] :: E,S1,mi (2)

hλT,E,S2,mi→hT, [V (m + 1), •] :: E,λ :: S2,m + 1i (3) ′ h0, [T,E] :: E ,S1,mi→hT,E,S1,mi (4)

hn + 1,C :: E,S1,mi→hn,E,S1,mi (5)

hV (n),E,S1,mi→hS1,m − n,mi (6)

h•,Tnf, 0i→ Tnf (7) ′ ′ ′ ′ h [T ,E ] :: S1,Tneu,mi→hT ,E ,Tneu :: S1,mi (8)

hλ :: S2,Tnf,mi→hS2,λTnf,m − 1i (9)

hTneu :: S1,Tnf,mi→hS1,Tneu Tnf,mi (10)

Fig. 1. Rules for the KN machine

The machine operates on lambda terms with de Bruijn indices used to represent bound variables in the standard way. Things get more complicated when we want to reduce open terms or reduce under lambdas, where we need to care for free variables. In the KN machine this is done using de Bruijn levels which represent the number of enclosing lambda abstractions from the root of the term to the current variable occurrence, and such abstract variables are formed with a diﬀerent constructor V (n). The machine normalizes terms according to the normal-order strategy that extends CbN to reduce open terms and under lambdas. It can be seen as an extension of the Krivine machine for CbN[18].

2.2 Shape Invariant

The machine specification can be seen as a function explicitly written in trampolined style [14], where each transition dispatches by a single pattern matching on the term or on the stack component of the configuration. Stacks are sequences of frames that are constructed when traversing the term in search of a next re- An Abstract Machine for Strong Call by Value 5 dex. However, this “flat” representation allows more stacks to be formed than are reachable in a machine run from the initial empty stack. In order to reason about the machine correctness, one needs to identify the precise structure of reachable stacks. Crégut expresses this shape invariant by a regular expression [10] but it can also be expressed simply by the context grammar using two kinds of stacks S1,S2:

S1 ::= [T, E] :: S1 | S2

S2 ::= • | λ :: S2 | Tneu :: S1 where Tneu denotes terms in neutral form. Neutral and normal forms are constructed according to the following grammar:

Normal forms ∋ Tnf ::= λTnf | Tneu

Neutral terms ∋ Tneu ::= n | Tneu Tnf

Garc´ıa-P´erez & Nogueira [15] underline the importance of establishing the shape invariant for refunctionalization step of the functional correspondence and characterize evaluation contexts of the normal-order strategy by an outside-in context grammar.1 Below we present the grammar of normal-order contexts for the λ-calculus, i.e., leftmost-outermost contexts. We can see that the machine stacks correspond to the inside-out representation of contexts: S1 represents L- contexts encoding the weak CbN strategy while S2 represents A-contexts of the strong extension of CbN. The grammar of outside-in contexts is, on the other hand, more natural for top-down decomposition. Both Lio and Loi represent the same L-contexts family but with reversed order of frames in the lists. We elaborate on the connection between the two kinds of representations in Section 4 when we discuss the strong CbV strategy.

inside-out contexts outside-in contexts

2.3 Compositional Evaluator

The evaluator derived through the functional correspondence from the encoding of the abstract machine of Figure 1, after some tidying to underline its structure, is shown in Figure 2. The evaluator implements an algorithm that follows the principles of normalization by evaluation [13], where the idea is to map a λ-term to an object in the meta-language from which a syntactic normal form of the input term can subsequently be read oﬀ. Actually, what we have mechanically obtained from KN is an OCaml implementation of a domain-theoretic residual- izing model of the λ-calculus, in which the recursive type sem is an encoding of

1 This family can be also deﬁned in terms of an order on contexts [3]. 6 M. Biernacka et al.

(* syntax of the lambda-calculus with de Bruijn indices *) type index = int type term = Var of index | Lam of term | App of term * term

(* semantic domain *) type level = int type glue = Abs of ( sem -> sem ) | Neutral of term and sem = level -> glue

(* reification of semantic objects into normal forms *) let rec reify (d : sem ) (m : level ) : term = match d m with | Abs f -> Lam ( reify (f ( fun m’ -> Neutral ( Var (m’-m -1))))( m +1)) | Neutral a -> a

(* sem -> sem as a retract of sem *) let to_sem (f : sem -> sem ) : sem = fun _ -> Abs f let from_sem (d : sem ) : sem -> sem = fun d ’ -> fun m -> match d m with | Abs f -> f d’ m | Neutral a -> Neutral ( App (a , reify d’ m))

(* interpretation function *) let rec eval (t : term ) (e : sem list ) : sem = match t with | Var n -> List . nth e n | Lam t’ -> to_sem ( fun d -> eval t’ (d :: e)) | App (t1 , t2 ) -> from_sem ( eval t1 e) ( fun m -> eval t2 e m)

(* NbE: interpretation followed by reification *) let nbe (t : term ) : term = reify ( eval t []) 0

Fig. 2. An OCaml implementation of the higher-order compositional evaluator corresponding to the KN machine: an instance of normalization by evaluation for normal- order β-reduction in the λ-calculus.

neu a reflexive domain D of interpretation, isomorphic to N → ((D → D)+ Λ⊥ )⊥ (where N and Λneu are discrete CPOs of natural numbers and neutral terms, respectively). In particular, to sem and from sem encode continuous functions φ : (D → D) → D and ψ : D → (D → D), respectively, such that ψ ◦ φ = id, establishing that D → D is a retract of D [13], which guarantees that β-convertible terms are mapped to the same semantic object. The interpretation function eval An Abstract Machine for Strong Call by Value 7 is completely standard, except for the η-expansion in the clause for application which comes from the fact that the derivation has been carried out in an eager meta-language. The reification function reify mediates between syntax and semantics in the way known from Filinski and Rohde’s work [13] on NbE for the untyped λ-calculus. As a matter of fact, what we have obtained through the functional correspondence from KN is very close to what Filinski and Rohde invented (and proved correct using domain-theoretic tools). The difference lies in the semantic domain which in their case was represented (in SML) by the type that in OCaml would read as type sem = Abs of (( unit -> sem) -> sem) | Neutral of ( level -> term) from which we can see that the de Bruijn level is only needed to construct a neutral term and otherwise redundant (an observation confirmed by the defi- nition of to sem we have derived). With this domain of interpretation function arguments are explicitly passed as thunks. From the reduction strategy point of view, the normalizer of Figure 2 (and KN) implements a two-stage normalization strategy: first reduce a term to a weak normal form (function eval) and then normalize the result (function reify). Seen that way, the two constructors of type sem represent the two possible kinds of weak normal forms. For the record, we have derived an alternative abstract machine for normal- order reduction starting with Filinski and Rohde’s NbE. This machine differs from KN in that it processes neutral terms in a separate mode and with an additional kind of stack. In the next section, we modify our NbE so that it accounts for CbV function applications. In his MSc thesis, Munk also presents selected steps of a deconstruction of KN into a NbE [20]. However, he goes through a step in which de Bruijn levels are moved from the stack to closures in the environment. This step has not been formally justified and the resulting NbE is quite different from Filinski and Rohde’s or from ours.

3 Construction of a Call-by-Value Variant

In this section we derive a call-by-value variant of the Cr´egut abstract machine. This is done by modifying the evaluator of Figure 2 such that it accounts for CbV, and then inverting the transformations on the path from the abstract machine to the evaluator. Call by value is a family of strategies where arguments of a function are evaluated (to a weak normal form) before being passed to the function. This way one avoids needless recomputation of arguments that are used more than once. A possible approach to a strong variant of such a strategy is the applicative order (a.k.a. leftmost-innermost) reduction [24], where the arguments are evaluated to the strong normal form. Here, however, we aim at a diﬀerent, two-stage strategy, analogous to the one embodied in KN and in the normalizer of Figure 2, which is 8 M. Biernacka et al. type sem = Abs of ( sem -> sem ) | Neutral of ( level -> term ) let rec reify (d : sem ) (m : level ) : term = match d with | Abs f -> Lam ( reify (f ( Neutral ( fun m’ -> Var (m’-m -1))))( m +1)) | Neutral l -> l m let to_sem (f : sem -> sem ) : sem = Abs f let from_sem (d : sem ) : sem -> sem = fun d ’ -> match d with | Abs f -> f d’ | Neutral l -> Neutral ( fun m -> let n = reify d’ m in App (l m, n)) let rec eval (t : term ) (e : sem list ) : sem = match t with | Var n -> List . nth e n | Lam t’ -> to_sem ( fun d -> eval t’ (d :: e)) | App (t1 , t2 ) -> let d2 = eval t2 e in from_sem ( eval t1 e) d2 let nbe (t : term ) : term = reify ( eval t []) 0

Fig. 3. An OCaml implementation of the modified higher-order compositional evaluator: an instance of normalization by evaluation for a call-by-value β-reduction in the λ-calculus. a conservative extension of the standard CbV: the arguments are first evaluated to a weak normal form, then the function is applied and only then the resulting weak normal form is further reduced to the strong normal form. In order to obtain one fixed member of the family, we follow [2] and choose the right-to- left order of evaluation of arguments (we also choose the right-to-left order of normalization in inert terms, see Section 4).

3.1 Call-by-Value Evaluator

In call by value, function arguments are evaluated before the application takes place. To reflect this design choice in the evaluator, we modify the domain of interpretation: type sem = Abs of ( sem -> sem) | Neutral of ( level -> term) An Abstract Machine for Strong Call by Value 9 where an argument passed to a function is no longer a thunk, but a preevaluated value in the semantic domain. Here, the two constructors correspond to two kinds of weak normal forms: λ-abstraction and inert term, as presented in Section 4. All the other changes in the evaluator are simple adjustments to this modification. An OCaml implementation of the modified evaluator is shown in Figure 3, where we arbitrarily decided to evaluate function application right to left (witness the explicit sequencing of computations with let in the clause for application in eval) and similarly for generating neutral terms (again, with let in from sem). 2 This normalizer could subsequently be given a domain-theoretic treatment, using the same techniques as the ones applied by Filinski and Rohde to their call- by-name normalizer [13] – an interesting endeavour that would offer one possible way of revealing the precise meaning of the modified normalizer. Here, instead, we take advantage of the functional correspondence and we derive a semantically equivalent abstract machine that we then analyse and we identify the reduction strategy it implements and inherits from the underlying NbE of Figure 3. The machine we derived from the evaluator has been subject to further optimizations before we arrived at the version presented in the next section. In particular, the de Bruijn level m has been moved from application frames of the stack to a dedicated register in the configurations of the machine. This modification requires a more careful bookkeeping of the level and, most notably, it has to be decremented when the machine leaves the scope of a lambda, just as in KN of Figure 1. We also flattened the stack structure to be represented by a single list of frames, instead of by a pair of mutually inductive list-like structures. The final machine is then close in style to KN and can be seen as its call-by-value variant.

3.2 Abstract Machine

The machine obtained by derivation from the NbE evaluator is presented in Fig- ure 4. There are syntactic categories of lambda terms T in de Bruijn notation, machine representations of weak normal forms W , inert terms I, environments E, stack frames F , stacks S and conﬁgurations K. Weak normal forms are either closures consisting of a lambda abstraction and an environment or inert terms. Inert terms are either abstract variables V (n) or inert terms applied to a weak normal form. Just as in the KN machine, here n is de Bruijn level (not to be confused with de Bruijn index in the grammar of terms T ). Weak normal forms represent the intermediate values that are passed to functions as arguments through the environment and subsequently reduced further to normal form. En- vironments are just sequences of weak normal forms; they represent mappings that assign nth element of the sequence to the variable with de Bruijn index n. As usual, stacks represent evaluation contexts.

2 While it would be possible to directly use Filinski and Rohde’s NbE to obtain the evaluator of this section, our goal was to reveal and adjust the evaluator underlying KN, and the precise relation between KN and Filinski and Rohde’s NbE has not been revealed prior to this work. 10 M. Biernacka et al.

Syntax:

Terms ∋ T ::= n | T1 T2 | λT Wnfs ∋ W ::= [λT,E] | I Inerts ∋ I ::= V (n) | IW Envs ∋ E ::= • | W :: E Frames ∋ F ::= [T,E] | W | T | λ | I Stacks ∋ S ::= • | F :: S

Confs ∋ K ::= hT,E,S,miE | hS,W,miC | hS,T,miS

Transition rules:

T 7→ hT, •, •, 0iE (0)

hT1 T2,E,S1,miE →hT2, E, [T1,E] :: S1,miE (1)

hλT,E,S1,miE →hS1, [λT,E],miC (2)

h0,W :: E,S1,miE →hS1,W,miC (3)

hn + 1,W :: E,S1,miE →hn,E,S1,miE (4)

h[T,E] :: S1,W,miC →hT,E, W :: S1,miE (5)

h W :: S1, [λT,E],miC →hT,W :: E,S1,miE (6)

h W :: S1,I,miC →hS1,I W,miC (7)

hS3, [λT,E],miC →hT,V (m + 1) :: E,λ :: S3,m + 1iE (8)

hS2,I W,miC →hI :: S2,W,miC (9)

hS2,V (n),miC →hS2,m − n, miS (10)

hI :: S2,Tnf,miS →h Tnf :: S2,I,miC (11)

hλ :: S3,Tnf,miS →hS3,λTnf,m − 1iS (12)

h Tnf :: S2,Tneu,miS →hS2,Tneu Tnf,miS (13)

h•,Tnf, 0iS 7→ Tnf (14)

Fig. 4. Rules for KNV, a call-by-value variant of KN

There are three kinds of configurations corresponding to three modes of operation: in configurations h·, ·, ·, ·iE the machine evaluates some subterm to a weak normal form; in h·, ·, ·iC it continues with a computed weak normal form and in h·, ·, ·iS it continues with a computed (strong) normal form. Let us discuss the transitions. For the moment we ignore the indices in stacks; we think of S1,S2 and S3 as arbitrary members of the syntactic category S of stacks. Similarly, Tneu and Tnf are arbitrary terms. These indices will become relevant in the next section. Transitions (0)–(6) implement a right-to-left version of the well-known CEK machine [12] in a formulation similar to [5], but using de Bruijn indices. The initial transition (0) loads the term to be evaluated to a configuration with the empty environment and empty stack on de Bruijn level 0. Transitions (1)–(4) An Abstract Machine for Strong Call by Value 11 operate on configurations of the form hT,E,S,miE that are meant to evaluate the term T within the environment E in the context represented by S to a weak normal form (wnf). In the case of application T1 T2, transition (1) calls the evaluation of T2 and pushes a closure pairing T1 with the current environment to the stack. Note that this implements the first of our right-to-left choices of the order of reduction. A lambda abstraction in (2) is already in wnf, so we change the mode of operation to a configuration of the form hS,W,miC . Transitions (3) and (4) simply read a value of a variable from the environment (which always returns a wnf) and change the mode of operation.

Configurations of the form hS,W,miC continue with a wnf W in a context represented by S. There are two goals in these configurations: the first is to finish the evaluation (to wnfs) of the closures stored on the stack according to the weak call-by-value strategy; the second is to reduce W to a strong normal form. This is handled by rules (5)–(10), where rules (5) and (6) are responsible for the first goal, and rules (7)–(10) for the second. In rule (5) the stack contains a closure, so we start evaluating this closure and push the already computed wnf to the stack; when this evaluation reaches a wnf, rules (6) or (7) apply. If the wnf is a lambda abstraction, transition (6) implements a β-contraction. Otherwise it is an inert term; in this case rule (7) reconstructs the application of this inert term to the wnf popped from the stack (which gives another wnf). Rules (8)–(10) are applied when there are no more wnfs on the top of the stack; here we pattern- match on the currently processed wnf W . If W is a closure, transition (8) pushes the elementary context λ to the stack, increments the de Bruijn level (m + 1), adds the abstract variable V (n) to the environment and starts the evaluation of the body. If W is an application I W ′, rule (9) delays the normalization of I by pushing it to the stack and continues with W ′; note that this implements the second of our right-to-left choices of the order of reduction. Finally, if W is an abstract variable with index n at level m, we reach a normal form; rule (10) computes the final index of the variable and changes the mode of operation to a configuration of the form hS,T,miS .

Configurations of the form hS,T,miS continue with a (strong) normal form T in a context represented by S (recall that the grammar of normal forms is presented in Section 2.2). The goal in these configurations is to finish the evaluation of inert term stored on the stack and to reconstruct the final term. This is handled by transitions (11)–(14); the choice of the transition is done by pattern-matching on the stack. If there is an inert term I on the top of the stack, rule (11) pushes the already computed normal form on the stack and calls normalization of I by switching the mode of operation to hS,W,miC. Otherwise there is a λ frame or a previously computed normal form on the top of the stack; in these cases transitions (12) and (13) reconstruct the term accordingly. Finally, when the stack is empty, transition (14) unloads the final result from a configuration. The machine is pure in a sense that it does not use mutable state nor other computational effects so it can be directly implemented in a pure functional language. Thanks to that all structures of the machine are persistent data structures with their advantages (cf. [21]). It differs from machines of [2] in that its 12 M. Biernacka et al. implementation does not perform on-the-fly α-conversion nor does it use point- ers explicitly. Assuming uniform cost criteria for arithmetic operations, the cost of dispatch and of each transition is constant.

3.3 Shape invariants

As in the case of the KN machine, not all sequences of stack frames represent valid contexts that can occur in a reachable configuration of the machine from Figure 4. We define the syntactic category Kwf of well-formed configurations with the following grammar.

S1 ::= [T, E] :: S1 | W :: S1 | S3

S2 ::= Tnf :: S2 | S3

S3 ::= • | λ :: S3 | I :: S2

Kwf ::= hT,E,S1,miE | hS1,W,miC | hS2,I,miC | hS2,Tneu,miS | hS3,Tnf,miS

A simple induction on the length of evaluation gives the folowing lemma. Lemma 1. For all initial terms T , all conﬁgurations reachable from T are well- formed. One can note that there is no invention in designing syntactic categories W and I which correspond to grammars of weak normal forms and inert terms. They are products of defunctionalization which is a part of mechanization carried out via functional correspondence. More interestingly, all shape invariants can be derived. It is enough to use a separate grammar for normal forms in the higher-order normalizer. Through derivation this grammar is imprinted on the grammars of stacks and conﬁgurations.

3.4 An Application: Streaming of Expressions

Here we show a method for early discovering that two terms are not β-convertible, i.e., that they do not have equal normal forms. Grégoire&Leroy show in [17] that the comparison of normal forms can be short-circuited when enough data is computed. Our idea is to run the machine on both terms as long as partial results are the same. If the machine completes the computation on both terms and the computed normal forms are equal, the terms are β-convertible. But whenever it sees partial results that are different for the two input terms, we immediately know that the two terms do not have equal normal forms, without actually completing the computation. In some cases it allows to give an answer even on divergent terms. To get a partial result it is enough to interrupt the machine after transitions (8) and (11) when it pushes λ and Tnf frames, respectively, on the stack. This method is implemented in the accompanying code. As an example, consider the terms λx.λy.Ω and λx.(x λy.Ω) x (using standard notation with names). Even if the evaluation of these terms never termi- nates, we can detect different partial results and determine that these two terms An Abstract Machine for Strong Call by Value 13

(T1 T2)[i := T ]= T1[i := T ] T2[i := T ] i i i T1 T2 T1 T2 (λT1)[i := T ]= λ(T1[i +1 := T ]) ↑≥k ( )= ↑≥k ↑≥k i i n : n < i ↑≥k λT = λ↑≥k+1 T i n[i := T ]= ↑≥0 T : n = i i n + i : n ≥ k ↑≥k n = n − 1 : n > i (n : n

Fig. 5. β-contraction and β-reduction for terms with de Bruijn indices cannot have equal normal forms. By running our machine we learn that the normal form of the former term (if it exists) starts with λx.λy. while the the normal form of the latter (if it exists) starts with λx. x. This application is not speciﬁc to KNV and a similar procedure can be implemented based on KN. However, as is usual with CbV vs CbN, KNV in general performs better by avoiding reevaluation (to weak normal form) of function arguments.

4 Reduction semantics for strong CbV

A reduction semantics is a form of small-step operational semantics with an explicit representation of reduction contexts, i.e., of locations in a term where the computation can take place. Roughly, reduction contexts can be thought to represent terms with a hole. The atomic computation step is defined by a rewriting relation on terms, often called the contraction relation. For example, in our source language, the lambda calculus with de Bruijn indices, the reduction semantics can be formally defined as in Figure 5, where the contraction relation C is ⇀β, and one-step reduction is defined as contraction in context →β, where reduction contexts C describe the specific reduction strategy. For example, if we take C to be L from Section 2.2, then we obtain the normal-order strategy. The notation C[T ] denotes the term reconstructed by plugging the term T in the hole of the context C. In uniform strategies the grammar of reduction contexts is defined using only one nonterminal (as in CbN or CbV), while hybrid strategies use more than one nonterminal (as in normal order). The strong CbV strategy is another example of a hybrid strategy, one with three nonterminals leading to three kinds of contexts, each describing a separate substrategy. As already observed in Section 2.2, shape invariants of the machine stack naturally lead to reduction contexts of the strategy realized by the machine. For the case of the KNV machine, stack invariants translate to grammar of contexts 14 M. Biernacka et al. shown in Figure 6 (left). Equivalently, they can be translated to an automaton, whose transitions are labelled with terms (as opposed to their machine representations), where the syntactic categories of terms in weak normal form and inert terms in the lambda calculus are

Weak normal forms Wnfs ∋ TW ::= λT | TI

Inert terms Inerts ∋ TI ::= n | TI TW

The grammar generates all stacks in syntactic categories S1,S2,S3 in an inside- out manner: the automaton reading a stack from left to right moves from the hole of the represented context towards the topmost symbol. By reversing the arrows in the automaton we obtain an outside-in grammar (Figure 6 right). A context nonterminal (its kind) in inside-out grammars denotes the kind of the hole, whereas in outside-in grammars it denotes the kind of the context generated by that nonterminal.

inside-out outside-in T T ε ε ε ε

S3 S2 S1 R H F

TI TI λ Tnf TW λ Tnf TW

S1 ::= S3 | TW :: S1 | T :: S1 F ::= TW :: F | T :: F | •

S2 ::= S3 | Tnf :: S2 H ::= Tnf :: H | TI :: R

S3 ::= • | λ :: S3 | TI :: S2 R ::= λ :: R | H | F

S3 ⊆ S2 ⊆ S1 F ⊆ R ⊇ H

Fig. 6. Reduction semantics: automata and grammars of contexts

To complete the reduction semantics of strong CbV we have to specify a contraction relation. We simply read it from transition (6), where environments stor- ing delayed substitution consist of structures representing weak normal forms. Thus our contraction is β-contraction restricted to a variant where an argument has to be in weak normal form. We call it βwnf-contraction:

(λT )TW ⇀βwnf T [0 := TW ]

The substrategy corresponding to the F nonterminal in Figure 6 and βwnf- contraction can be recognized as the right-to-left weak strategy of the ﬁreball calculus considered in [2]. It is known that this strategy is deterministic and reduces terms to weak normal forms. Our strong strategy corresponds to the An Abstract Machine for Strong Call by Value 15 nonterminal R (the starting symbol in the grammar); it contains the substrategy F and thus it is a conservative extension of the right-to-left call-by-value strategy. In our strategy arguments of functions are evaluated in the right-to-left order. Similarly, arguments of inert terms are evaluated in the same order—thus we can refer to the strategy as twice right-to-left call-by-value, rrCbV. This is an arbitrary choice; three other options are possible. Some of these options, like lrCbV leave place for optimizations: after completing the weak right-to-left reduction the stack contains a sequence of arguments in weak normal form, which are then composed to build an inert term that is immediately decomposed to the very same sequence of weak normal forms before normalizing them with the strong left-to-right strategy. An optimized machine could refocus directly to strong reduction of arguments on stack instead of rebuilding an inert term and decomposing it again. Strong CbV, as weak CbV, is an incomplete strategy, i.e., some normalizable terms may loop forever, e.g., K I Ω.3 Nevertheless, it allows to compute values of recursive functions.

Example 1. Consider the term λ(K I Ω). We can decompose it uniquely into a context λ(K I ) and a subterm Ω forming a βwnf-redex. The context in the inside-out representation is K I :: λ :: • and it satisfies the S1 constraints. In the outside-in representation it is λ :: K I :: • and conforms with the grammar R. Here S1 and R are initial nonterminals in the grammars of contexts defined in Figure 6. Thus λ(K I Ω) loops in the rrCbV strategy. On the contrary, in term λ(K I λΩ) the subterm λΩ fits the TW grammar and λ( λΩ) is a correct context of rrCbV. Thus λ(K I λΩ) reduces to λI in two steps.

5 Correctness

In this section we show the correctness of the derived machine: it traces [8] (i.e., exactly implements, in a step-by-step manner) the reduction semantics. Before stating the formal theorem we need some deﬁnitions.

5.1 Decoding of machine representations Terms. In the proof of correctness we have to translate lambda terms to machine configurations and back. The encoding of a term to a configuration is given by transition (0) in Figure 4. The translation in the other direction is more involved. We start by defining two functions: J·, ·KW : Wnfs → N → Wnfs decoding the machine representations of weak normal forms and the function J·, ·KI : Inerts → N → Inerts decoding the representations of inert terms. The formal definitions of these functions are given in Appendix A. The second parameter,

3 Where K = λx.λy.x, I = λx.x, Ω =(λx.x x)(λx.x x), using standard notation with names. 16 M. Biernacka et al. which is a de Bruijn level, is needed to decode an abstract variable. The function J·, ·, ·KT : Terms → Envs → N → Terms decodes machine representations of arbitrary terms.

Stacks. Intuitively, a stack should be decoded to an evaluation context. How- ever, we are going to prove a termination result (cf. Lemma 8), for which we need an intermediate representation: lists of annotated frames. The annotation {·}w in {T }w indicates that the term T occurring in a context T is known to be in weak normal form; similarly {·}n in {T }n indicates that T is known to be in strong normal form.

AnnFrms ∋ C ::= T | T | {T }w | {T }n | λ AnnFrms∗ ∋ L ::= • | C :: L

∗ The function J·KS : Stacks → AnnFrms decodes stacks by decoding term representations in stack frames and adding frame annotations.

Annotated decompositions. A conﬁguration of the machine encodes, among others, a decomposition of a term into its subterm and a surrounding context.

Example 2. Consider a fragment of evaluation of the term λ00 (which is λx.xx in de Bruijn notation). We adopt here the OCaml notation for lists, so [1; λ] is the same as 1 :: λ :: •.

(7) (9) h[ V (1); λ], V (1), 1iC → h[λ], V (1) V (1), 1iC → (10) (11) h[V (1) ; λ], V (1), 1iC → h[V (1) ; λ], 0, 1iS →

h[ 0; λ], V (1), 1iC

Here both stacks [ 0; λ] and [ V (1); λ] represent the same context λ( 0), so the first and the last configuration in this sequence gives the same decomposition of λ00 to the subterm 0 in the context λ( 0). In order to capture the fact that the machine does not fall into an infinite loop, even if it considers the same decomposition more than once, we introduce a more informative notion of annotated decomposition. We introduce annotations for terms that allow to distinguish between arbitrary terms and terms in weak or strong normal form.

AnnTerms ∋ A ::= T | {T }w | {T }n AnnDcmp ∋ D ::= A :: L

Configurations. Configurations are first decoded to annotated decompositions with function J·KK : Confs → AnnDcmp and then to terms by function plug : AnnDcmp → Terms. The latter function ignores all annotations. An Abstract Machine for Strong Call by Value 17

5.2 Formal correctness result We are now ready to state the result formally as the following theorem. Theorem 1. KNV traces the twice right-to-left strong CbV strategy, i.e.:

1. The function plug(J·KK ): Confs → Terms is a surjection. ′ ′ 2. For each machine transition K → K , either plug(JKKK ) = plug(JK KK ) (i.e., the two configurations represent different decompositions of the same ′ term), or plug(JKKK ) reduces to plug(JK KK ) in the strategy. 3. There are no silent loops in the machine, i.e., no infinite sequences of transitions K0 → ... → Kn → ... such that plug(JKiKK ) = plug(JKi+1KK ) for all i. 4. For all terms T,T ′, if T reduces to T ′ according to the strategy, then for each K such that plug(JKKK )= T there exists a sequence of machine transitions ′ ′ ′ K → ... → K such that plug(JK KK )= T . The proof of this theorem is more tedious than sophisticated. We provide a sketch in Appendix C. Point 1 is a simple observation that for any term T the corresponding initial configuration is decoded to T . For point 2, a simple case =(6 6) analysis gives that all transitions → leave the decoding of the configurations (6) unchanged. The fact that → implements βwnf-contraction is technically more involved, but not surprising. Probably the most interesting part concerns point 3, which implies that the machine always finds a redex in a finite number of steps. We present the main intuitions here, leaving formal details in the appendices. We start by introducing a strict partial order on annotated terms and frames. For all terms T1,...,T7 we set

Then we extend this order to the reversed lexicographic extension

(7) (9) (10) [{0}w; 0; λ] → [{00}w; λ] → [{0}w; {0}w ; λ] → (11) [{0}n; {0}w ; λ] → [{0}w; {0}n; λ]

5.3 Corollaries Since all the transformations used in the derivation are meaning-preserving, we can informally state that: For every closed term T and its OCaml representation t, the computation eval t [] 0 in the call-by-value normalizer of Figure 3 18 M. Biernacka et al. returns a sem value iﬀ T reaches weak normal form in the strategy. Similarly the computation nbe t returns a term value t’ iﬀ T reaches a normal form T ′ in the strategy, and t’ is an OCaml representation of T ′.

6 Conclusion and future work

We presented the first systematic derivation of an abstract machine KNV that implements the strong CbV strategy for normalization in the lambda calculus. The derivation starts from the KN machine for normal-order reduction and uses off-the-shelf tools to transform semantic artefacts in a sequence of steps that con- stitute the so-called functional correspondence, as a two-way derivation recipe. We also presented the reduction semantics for the strong CbV strategy that can be read off the obtained machine, and that is an example of a hybrid strategy with three kinds of reduction contexts. As an example application of the machine, we illustrated how it can be used for convertibility checking, e.g., in proof assistants based on dependent type theory. In [2], the authors introduced a time complexity criterion for an abstract machine: a machine is called a reasonable implementation of a given strategy if it can simulate n reduction steps in a number of transitions that is polynomial in n and in the size of the initial term. It is easy to observe that KNV is not a reasonable implementation of strong CbV due to the size explosion problem. Consider, e.g., the following term family en where cn denotes the nth Church numeral:

ω := λx.x x en := λx.cn ω x

Each en reduces to its normal form in the number of steps linear in n, but the size of this normal form is exponential in n. Since KNV never reuses structures constructed before, it has to introduce each of the exponentially many constructors in a separate step. Therefore, it is not a reasonable implementation. We intend to construct a modified version of KNV that will critically rely on sharing of intermediate results. We conjecture that such a modification is both necessary and sufficient to achieve a reasonable implementation of strong CbV. We also believe that the present development is a crucial stepping stone in this under- taking and that it offers all the necessary tools. In particular, sharing, in more than one flavour, can be most naturally introduced at the level of the evaluator of Figure 3 and the resulting abstract machine will be a reflection of this modification through the functional correspondence.

Acknowledgements. We thank Filip Sieczkowski and the anonymous reviewers for their helpful comments on the presentation of this work.

References

1. Accattoli, B., Guerrieri, G.: Open call-by-value. In: 14th Asian Symposium, APLAS 2016, Proceedings. LNCS, vol. 10017, pp. 206–226 (2016) An Abstract Machine for Strong Call by Value 19

2. Accattoli, B., Guerrieri, G.: Abstract machines for open call-by-value. Sci. Comput. Program. 184 (2019) 3. Accattoli, B., Lago, U.D.: (Leftmost-outermost) beta reduction is invariant, indeed. Logical Methods in Computer Science 12 (2016) 4. Aehlig, K., Joachimski, F.: Operational aspects of untyped normalization by evaluation. Mathematical Structures in Computer Science 14, 587–611 (2004) 5. Ager, M.S., Biernacki, D., Danvy, O., Midtgaard, J.: A functional correspondence between evaluators and abstract machines. In: Proceedings of the Fifth ACM- SIGPLAN Conference, PPDP’03. pp. 8–19 (2003) 6. Ager, M.S., Biernacki, D., Danvy, O., Midtgaard, J.: From interpreter to compiler and virtual machine: a functional derivation. Tech. Rep. BRICS RS-03-14, DAIMI, Aarhus University, Aarhus, Denmark (Mar 2003) 7. Balabonski, T., Barenbaum, P., Bonelli, E., Kesner, D.: Foundations of strong call by need. PACMPL 1(ICFP), 20:1–20:29 (2017) 8. Biernacka, M., Charatonik, W., Zielinska, K.: Generalized refocusing: From hybrid strategies to abstract machines. In: 2nd International Conference on Formal Structures for Computation and Deduction, FSCD 2017. pp. 10:1–10:17 (2017) 9. Biernacka, M., Charatonik, W.: Deriving an abstract machine for strong call by need. In: 4th International Conference on Formal Structures for Computation and Deduction, FSCD 2019. LIPIcs, vol. 131, pp. 8:1–8:20 (2019) 10. Crégut, P.: Strongly reducing variants of the Krivine abstract machine. Higher- Order and Symbolic Computation 20(3), 209–230 (2007) 11. Danvy, O.: A rational deconstruction of Landin’s SECD machine. In: Implemen- tation and Application of Functional Languages, 16th International Workshop, IFL’04. pp. 52–71 (2004) 12. Felleisen, M., Friedman, D.P.: Control operators, the SECD machine, and the λ- calculus. In: Wirsing, M. (ed.) Formal Description of Programming Concepts III, pp. 193–217. Elsevier Science Publishers B.V. (North-Holland), Amsterdam (1986) 13. Filinski, A., Rohde, H.K.: Denotational aspects of untyped normalization by evaluation. Theoretical Informatics and Applications 39(3), 423–453 (2005) 14. Ganz, S.E., Friedman, D.P., Wand, M.: Trampolined style. In: Proceedings of the 1999 ACM SIGPLAN International Conference on Functional Programming. pp. 18–27 (1999) 15. Garc´ıa-Pérez, A., Nogueira, P.: On the syntactic and functional correspondence between hybrid (or layered) normalisers and abstract machines. Science of Computer Programming 95, 176–199 (2014) 16. Garc´ıa-Pérez, A.,´ Nogueira, P.: The full-reducing Krivine abstract machine KN simulates pure normal-order reduction in lockstep: A proof via corresponding calculus. J. Funct. Program. 29, e7 (2019) 17. Grégoire, B., Leroy, X.: A compiled implementation of strong reduction. In: In- ternational Conference on Functional Programming. pp. 235–246. SIGPLAN No- tices 37(9) (2002) 18. Krivine, J.L.: A call-by-name lambda-calculus machine. Higher-Order and Sym- bolic Computation 20(3), 199–207 (2007) 19. Leroy, X., Doligez, D., Frisch, A., Garrigue, J., Rémy, D., Vouillon, J.: The OCaml system, release 4.10. INRIA, Rocquencourt, France (Feb 2020) 20. Munk, J.: A Study of Syntactic and Semantic Artifacts and its Application to Lambda Definability, Strong Normalization, and Weak Normalization in the Pres- ence of State. Master’s thesis, DAIMI, Aarhus University, Denmark (2007), BRICS research report RS-08-3 20 M. Biernacka et al.

21. Okasaki, C.: Purely functional data structures. Cambridge University Press (1999) 22. Reynolds, J.C.: Deﬁnitional interpreters for higher-order programming languages. Higher-Order and Symbolic Computation 11(4), 363–397 (1998) 23. Schmidt, D.A.: Denotational Semantics: A Methodology for Language Develop- ment. Allyn and Bacon, Inc. (1986) 24. Sestoft, P.: Demonstrating lambda calculus reduction. In: The Essence of Compu- tation: Complexity, Analysis, Transformation. Essays Dedicated to Neil D. Jones. pp. 420–435. No. 2566 in Lecture Notes in Computer Science (2002) An Abstract Machine for Strong Call by Value 21

A Decoding of machine representations

Terms. The functions J·, ·KW : Wnfs → N → Wnfs and J·, ·KI : Inerts → N → Inerts decode the machine representations of weak normal forms and the representations of inert terms.

J[λT, E],mKW = λJT, V (m + 1) :: E,m +1KT

JI,mKW = JI,mKI

JV (n),mKI = m − n

JI W,mKI = JI,mKI JW, mKW .

The function J·, ·, ·KT : Terms → Envs → N → Terms decodes machine representations of arbitrary terms; it uses an auxiliary function J·, ·, ·Kn : N → Envs → N → Terms that implements a lookup of a variable in an environment.

JT1 T2,E,mKT = JT1,E,mKT JT2,E,mKT

JλT,E,mKT = J[λT, E],mKW

Jn,E,mKT = Jn,E,mKn

J0, W :: E,mKn = JW, mKW

Jn +1, W :: E,mKn = Jn,E,mKn

Stacks.

J•KS = •

Jλ :: SKS = λ :: JSKS

JI :: SKS = {JI, |S|λKI }w :: JSKS

J Tnf :: SKS = {Tnf}n :: JSKS

J[T, E] :: SKS = JT,E, |S|λKT :: JSKS

J W :: SKS = JW, |S|λKW :: JSKS

Conﬁgurations.

JhT,E,S,miE KK = JT,E,mKT :: JSKS

JhS,W,miC KK = {JW, mKW }w :: JSKS

JhS,T,miS KK = {T }n :: JSKS plug(T :: •)= T

plug(T1 :: T2 :: L) = plug(T2 T1 :: L)

plug(T1 :: T2 :: L) = plug(T1 T2 :: L) plug(T :: λ :: L) = plug(λT :: L) 22 M. Biernacka et al.

B Closedness invariants

The following function deﬁnes the number of lambda constructors needed to close a given term.

openT (n)= n +1

openT (T1 T2) = max{openT (T1), openT (T2)}

openT (λT ) = max{openT (T ) − 1, 0}

Obviously a term T is closed if openT (T ) = 0. We say that an environment E closes T if openT (T ) ≤ |E|. We then extend the function to (machine representations of) environments and weak normal forms.

openW ([λT, E]) = openE(E) if E closes λT

openW (I) = openI (I)

openI (V (n)) = n

openI (I W ) = max{openI (I), openW (W )}

openE(•)=0

openE(W :: E) = max{openW (W ), openE(E)}

Lemma 2. The machine maintains following invariants: In configurations hT,E,S,miE T is closed by E and openE(E) ≤ m = |S|λ In configurations hS,W,miC openW (W ) ≤ m = |S|λ In configurations hS,T,miS openT (T ) ≤ m = |S|λ In stacks W :: S openW (W ) ≤ |S|λ In stacks I :: S openI (I) ≤ |S|λ

Invariants from Lemma 2 are needed in proofs of lemmas involving reachable configurations like Lemma 5. Unreachable configurations may be subject of strange anomalies. For example, decoding of J[λ1, •], 0KW does not exist because λ1 is an open term and • does not close it. A weird thing happens when one tries to decode Jλλ2, V (5) :: •, 4KT : here λλ2 is an open term but it is decoded to λλ1, which is a closed term. In an appropriate context this may lead to a violation of a variant of Lemma 5 for non-reachable configurations:

Jλλ2, V (5)::•, 4KT JV (2), 4KW = (λλ1) 2 →β λ3 6= −1= Jλ2, V (2)::V (5)::•, 4KT

C Sketch of correctness proof

Below we state the main lemmas needed in the proof of Theorem 1.

Lemma 3 (initial correctness). If T is a closed term then JT, •, 0KT = T . An Abstract Machine for Strong Call by Value 23

Lemma 4 (overhead identiﬁcation). If K is a reachable conﬁguration and =(6 6) ′ ′ K → K then plug(JKKK ) = plug(JK KK ).

Lemma 5 (correctness of contraction). If h W :: S, [λT, E],miC is a reachable conﬁguration of the machine then JλT,E,mKT JW, mKW ⇀β JT, W ::E,mKT .

Lemma 6 (strategy simulates machine). If K is a reachable conﬁguration (6) ′ R ′ of the machine and K → K then plug(JKKK ) →βwnf plug(JK KK ).

Proof. By correct contraction implementation and decoding of stacks.

The following lemma formalizes the intuition from Example 3.

Lemma 7. If K1 → K2 by any of the transitions (1)–(2), (5), (7)–(13) then JK1KK

Proof. The proof is done by inspection of the respective transitions. Below we summarize, for each of the involved transitions, the key arguments. For all terms T,T1,T2 and all lists of annotated contexts L:

T1 T2 :: L

λT :: L

{T2}w :: T1 :: L

{T1}w :: T2 :: L

{λT }w :: L

{T1 T2}w :: L

{n}w :: L

{T2}n :: {T1}w :: L

{T }n :: λ :: L

{T1}n :: {T2}n :: L

The following lemma formally states the main argument behind the “no silent loops” result. Lemma 8 (no silent loops). Every sequence of transitions not involving the (6) transition → is ﬁnite.

=(6 6) Proof. Consider any sequence K1,K2,... of transitions such that Ki → Ki+1 for all i. By Lemma 4 we have plug(JKiKK ) = plug(JKj KK ) for all i, j. Since for a given term there exist only finitely many possible decompositions into elementary contexts and subterms, there exist only finitely many annotated decompositions D such that plug(D) = plug(JK1KK ). Machine transitions (3)–(4) leave unchanged the decoding of a configura- (3,4) tion to an annotated decomposition, in symbols if Ki → Ki+1 then JKiKK = 24 M. Biernacka et al.

JKi+1KK . However, the number of consecutive transitions (3)–(4) is bounded by the biggest de Bruijn index (which is bounded by the number of λ constructors) in plug(JKiKK ). All other transitions strictly increase the decoding JKiKK by Lemma 7. Therefore the sequence is finite. The remaining lemmas in this section (Lemmas 9–11) are key observations in the proof of point 4 of Theorem 1. Lemma 9 (strategy determinism). Any term has at most one βwnf-redex positioned in R context. For the sake of proof we will say that a term has a C-decomposition if it has a βwnf-redex positioned in a context C. We will use a fact that any term has at most one F -decomposition and if it has no F -decomposition then it is a weak normal form. We will prove stronger lemma than Lemma 9: Lemma 10. Every term has at most one R-decomposition. If it has no R- decomposition then it is a normal form. Proof. Proof by structural induction on term T . 1. If term is a variable it has no redex and is a normal form. 2. If term is an abstraction then its body either has at most one R-decomposition or is a normal form by induction hypothesis, and so is T . 3. Otherwise it is an application: T = T1 T2. 3.1. If its right branch T2 has a F -decomposition then no redex can be found in the left branch T1 because T2 can’t be peeled of as a TW nor Tnf frame. 3.2. Otherwise right branch T2 is a weak normal form. 3.2.1. If the left branch T1 has a F -decomposition then no redex can be found in the right branch T2 because T1 can’t be peeled off as a TI frame. 3.2.2. Otherwise left branch T1 is a weak normal form. 3.2.2.1. If the left branch T1 is an abstraction this application raises βwnf- redex. No redex can be found in the right branch T2 because it has no F - decomposition and abstraction T1 can’t be peeled off as a TI frame. No redex can be found in the left branch T1 because abstraction has no F -decomposition or H-decomposition. 3.2.2.2. Otherwise T1 is an inert term. 3.2.2.2.1. If T2 has a R-decomposition then no redex can be found in the left branch T1 because T2 can’t be peeled of as a Tnf frame. It’s the only R- decomposition of T2 by induction hypothesis. 3.2.2.2.2. Otherwise T2 is a normal form by induction hypothesis. 3.2.2.2.2.1. If T1 has a R-decomposition then it’s the only R-decomposition by induction hypothesis. 3.2.2.2.2.2. Otherwise T1 is a neutral term by induction hypothesis and so T is.

Lemma 11 (machine simulates strategy). If plug(JKKK ) has a βwnf-redex (6) positioned in R context then there exists K′ s.t. K →∗ → K′. Proof. The only way machine can stop is to build a normal form. From Lemma 8. if term has a redex the machine must perform its contraction.